Date: Sun, 25 Jun 2000 11:38:03 -0700 (PDT) From: dima@rdy.com (Dima Ruban) To: Wes Peters <wes@softweyr.com> Cc: dima@rdy.com, Koga Youichirou <y-koga@jp.FreeBSD.org>, wollman@khavrinen.lcs.mit.edu, silby@silby.com, freebsd-security@FreeBSD.ORG Subject: Re: Fwd: WuFTPD: Providing *remote* root since at least1994 Message-ID: <200006251838.LAA01288@sivka.rdy.com> In-Reply-To: <3954410B.5716EE5D@softweyr.com> "from Wes Peters at Jun 23, 2000 11:03:07 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Wes Peters writes:
> Dima Ruban wrote:
> >
> > What's the purpose of this patch?
> > I didn't look at the code, but to me it sounds like it's pretty much
> > irrelevant whether you gonna use ``foo(fmt, string)'' or ``foo(string)''
>
> If string contains formatting codes, foo("%s", string) does the right
> thing and just puts out the formatting codes in the string. foo(string)
> tries to interpret the embedded format codes and blows the stack.
>
Well, if in addition to "fmt" argument, string will contain formatting code[s],
the result will be just the same. (at least with printf() family).
> --
> "Where am I, and what am I doing in this handbasket?"
>
> Wes Peters Softweyr LLC
> wes@softweyr.com http://softweyr.com/
>
-- dima
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006251838.LAA01288>